Cloudy with a Chance of Cyberattacks: Dangling Resources Abuse on Cloud Platforms
Symposium on Networked Systems Design and Implementation (2024)
Abstract
Recent works showed that it is feasible to hijack resources on cloud
platforms. In such hijacks, attackers can take over released resources that
belong to legitimate organizations. It was proposed that adversaries could
abuse these resources to carry out attacks against customers of the hijacked
services, e.g., through malware distribution. However, to date, no research has
confirmed the existence of these attacks. We identify, for the first time,
real-life hijacks of cloud resources. This yields a number of surprising and
important insights. First, contrary to the previous assumption that attackers
primarily target IP addresses, our findings reveal that the type of resource is
not the main consideration in a hijack. Attackers focus on hijacking records
that allow them to determine the resource by entering free text. The costs and
overhead of hijacking such records are much lower than those of hijacking IP
addresses, which are randomly selected from a large pool. Second, identifying
hijacks poses a substantial challenge. Monitoring resource changes, e.g.,
changes in content, is insufficient, since such changes could also be
legitimate. Retrospective analysis of digital assets to identify hijacks is
also arduous due to the immense volume of data involved and the absence of
indicators to search for. To address this challenge, we develop a novel
approach that involves analyzing data from diverse sources to effectively
differentiate between malicious and legitimate modifications. Our analysis has
revealed 20,904 instances of hijacked resources on popular cloud platforms.
While some hijacks are short-lived (up to 15 days), 1/3 persist for more than
65 days. We study how attackers abuse the hijacked resources and find that, in
contrast to the threats considered in previous work, the majority of the abuse
(75